Enabling HTTPS with a Server Certificate

Follow these steps to obtain and install a server certificate and verify that it works.

  1. Generate a Server Certificate Signing Request or a Self-Signed Server Certificate.

    To get a server certificate, do one of the following:

      1. Create a Certificate Signing Request (CSR) and send it to a Certificate Authority for signing. This provides the highest level of trust to the client, as the client can be assured that the certificate it receives from the server (in this case, FortiADC) was approved (i.e., digitally signed) by a trusted third party. Thus, the client has the assurance of a third party that the server to which it is connecting is identifying itself legitimately (and is not impersonating the legitimate server’s identity). See Generating a CSR and Getting It Signed by a CA.
      2. Create a certificate and sign it yourself. This provides a lower level of trust, since the client is essentially trusting the server to identify itself. Self-signed certificates are relatively easy to counterfeit, and are only recommended for use on internal, non-production, or test configurations. See Generating a Self-Signed Certificate.

  2. Create the HTTPS cluster.

    When creating an HTTPS cluster, the default flags and parameters are acceptable for most server certificate configurations.

    For more information on SSL parameters, see the section Layer 7 SSL Security (HTTPS Clusters).

  3. Install the Server Certificate on FortiADC. See the section Layer 7 Security Certificate Screen (HTTPS Clusters).
  4. Try connecting to the Cluster via HTTPS.

    From a client browser, open https://cluster, where cluster is the network node name or IP address of the HTTPS cluster. The browser may notify you that it is accepting a certificate from the server and ask for confirmation.

    Once you accept the certificate, the requested page should be displayed.
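The two certificate options from step 1 and the check behind the browser prompt in step 4, as an added example that is not part of the FortiADC documentation. It uses the openssl command-line tool (assumed installed) on constructed test certificates; the host name cluster.example.test and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a server certificate the way a client would.

# Build constructed test material in directory $1 for host name $2:
# self.pem (self-signed) and srv.pem (CSR signed by a constructed test CA).
make_constructed_certs() {
    d=$1; h=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$h" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$h" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# cert_kind CERT.pem [CA.pem] prints self-signed, ca-signed or unverified.
cert_kind() {
    cert=$1; ca=${2:-}
    subj=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issu=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    # Self-signed: issuer equals subject and the signature verifies under its own key.
    if [ "$subj" = "$issu" ] && openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo self-signed
    elif [ -n "$ca" ] && openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo ca-signed
    else
        echo unverified
    fi
}

# host_matches CERT.pem NAME succeeds when the certificate is valid for NAME.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# fetch_cert HOST [PORT] prints the certificate a live cluster presents
# (needs network access, so the offline demo below does not call it).
fetch_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

work=$(mktemp -d)
make_constructed_certs "$work" cluster.example.test
echo "self.pem: $(cert_kind "$work/self.pem")"
echo "srv.pem:  $(cert_kind "$work/srv.pem" "$work/ca.pem")"
```

Against a live cluster, save the output of `fetch_cert` to a file and pass that file, together with the CA certificate you expect, to `cert_kind` and `host_matches`.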